隐私政策
更新时间:2022年11月07日
中兴通讯股份有限公司及其子公司(统称为“中兴通讯”、“我们”)深知个人信息对您的重要性,并会尽全力保护您的个人信息安全可靠,我们承诺按照业界成熟的安全标准,采取适当的安全保护措施保护您的个人信息。
本隐私政策适用于中兴通讯SRM网站。除本隐私政策说明的相关信息收集使用活动外,本隐私政策不适用于我们的第三方服务商及其他第三方向您提供的其他服务。如果您有任何疑问、意见或建议,您可以通过以下电子邮箱与我们联系:Privacy@zte.com.cn。
您可以通过本隐私政策充分了解SRM网站如何收集、使用、存储、共享和转让您的个人信息,以及您所享有的权利及行权方式,其中要点如下:
我们将逐一说明我们收集的您的个人信息类型及其对应的用途,以便您了解我们针对某一特定功能所收集的具体个人信息的类别、使用理由及收集方式。
当您使用某些功能时,我们会在获得您的同意后,收集您的敏感个人信息。除非按照相关法律法规要求必须收集,拒绝提供这些信息仅会使您无法使用相关特定功能,但不影响您正常使用SRM网站的其他功能。
除本隐私政策另行说明的情况外,我们不会主动共享或转让您的个人信息至中兴通讯外的第三方。如存在其他共享或转让您的个人信息,我们会直接征得您对上述行为的明示同意,但法律法规另有规定或因保护用户权益需要的除外。此外,我们会对对外提供信息的行为进行风险评估。
我们不会主动从中兴通讯外的第三方获取您的个人信息。如为业务发展需要从第三方获取您的个人信息,我们会依法核实来源的合法性,或在获取前向您明示您个人信息的来源、类型及使用范围;如SRM网站开展业务需进行的个人信息处理活动超出您原本向第三方提供个人信息时的授权同意范围,我们将在处理您的该等个人信息前,征得您的明示同意;此外,我们也将会严格遵守相关法律法规的规定,并要求第三方保障其提供的信息的合法性。
您可以通过本隐私政策所列途径及方式查阅、更正、复制、删除您的个人信息,也可以撤回同意、注销帐号、投诉举报以及进行个性化设置等隐私功能。
如您想了解更加详尽的信息,请根据以下索引阅读相应章节:
5. 您所享有的权利
6. 您的个人信息如何跨境转移
9. 本隐私政策如何更新
10. 如何联系我们
您在使用我们产品和服务时,我们可能会收集您的个人信息。根据您使用的产品和服务的不同,具体收集的数据类型也将有所不同,具体包括如下两种:
1) 为实现向您提供我们服务合作的基本功能,您须授权我们收集、使用的必要的信息。如您拒绝提供相应信息,您将无法正常使用我们的SRM网站;
2) 为实现向您提供我们SRM网站的附加功能,您可选择同意或不同意我们收集、使用的信息。如您拒绝提供,您将无法正常使用相关附加功能或无法达到我们拟达到的功能效果,不会影响您使用我们的基本功能。
我们在此特别提醒您:我们致力于打造多样的产品和服务以满足您的需求。因我们向您提供的产品和服务种类众多,且不同用户选择使用的具体产品/服务范围存在差异,故基本/附加功能及对应收集使用的个人信息类型、范围会有所区别,请以具体的产品/服务功能为准。
1.1. 我们的产品及/或服务的会按照如下方式收集个人信息:
1.1.1 基础服务
在您同意使用我们产品/服务的基础上,我们基于您注册的账户为您提供服务。为了创建您的账号和业务合作需要,您需要至少向我们提供您的姓名、性别、国籍、证件类型、证件号码、出生年份、联系电话、个人邮箱、身份ID扫描件、常驻城市和邮编。如果您拒绝提供上述信息,您将无法注册账户和进行业务合作。为了确保我们是在为您本人提供服务,我们会根据您提供的上述信息校验您的身份。
1)注册账户和业务合作
当您在SRM网站创建账户时,我们需要收集您的个人邮箱、姓名、证件类型、证件号码、国籍和身份ID扫描件。个人邮箱是您登录系统的账户。姓名、证件号码和国籍将用于业务合作时的派工和结算。为了校验你的身份信息的准确性,我们还需要你提供身份ID扫描件。在完成身份校验完成后,我们将删除您提供的身份ID扫描件。
2)工作任务安排
当与中兴产生人员租赁业务合作时,为了工作沟通,我们会使用您的姓名、联系电话和个人邮箱;为了保障您的健康安全,我们会使用您的性别和出生年份,安排合适的工作岗位和工作任务。
3)个人主体扫描
中兴通讯及其子公司遵守适用的国际出口管制法,包括美国出口管制法(“出口管制法”)。为了根据上述的相关国际出口管制法进行受限制主体筛查,我们需要收集您的姓名、国籍,如您位于俄罗斯或乌克兰地区,我们还需要您提供您的邮编和地址。
另外,您还可以根据自身需求选择填写服务部门、职位和通讯地址等信息,如您拒绝填写的,不影响您账户的正常使用。
在您通过邮件明确表示不再合作需要删除个人数据后,我们将对你的个人数据进行删除或匿名化处理。
1.2. 我们从第三方(仅限你的雇主)间接收集您个人信息的情况
我们可能会从第三方间接收集(如共享等)您的个人信息,但这只发生在:我们确认该第三方已经就相关个人信息分享给我们获得您的同意,或者第三方依法被许可或被要求向我们披露您的个人信息。
我们会了解第三方已获得的个人信息处理的同意范围,包括使用目的以及您是否及在怎样的程度上同意转让、共享、披露、删除等。
这些从第三方获取的个人信息将用于为您提供服务,以及用于保证我们所掌握的您的相关记录的准确性。如果我们对这些个人信息拟进行的处理活动超出第三方已获得的同意范围,在进行这些处理之前,我们会直接或通过提供信息的第三方征得您的同意。
1.3. 征得同意的例外情形
根据相关法律法规,在以下情形中,我们可能会处理您的相关个人信息而无需征求您的授权同意:
1) 为我们履行法定义务或法定职责所必需;
2) 为订立、履行您作为一方当事人的合同所必需;
3) 为应对突发公共卫生事件,或者紧急情况下为保护自然人的生命健康和财产安全所必需;
4) 依法在合理的范围内处理您自行公开或者其他已经合法公开的个人信息;
5) 法律、行政法规规定的其他情形。
在紧急情况下,为保护您或其他个人的生命健康和财产安全,我们可能对您的个人信息进行处理而无法及时通知您,我们将在紧急情况消除后及时告知相关情况。
在某些情况下,为了确保服务的安全,帮助我们更好地了解我们产品或服务的运行情况,我们会使用您向我们提供的或在与我们互动的过程中披露的其他信息,例如,您使用应用程序的频率、崩溃数据、总体使用情况、性能数据以及应用程序的来源。我们不会将我们存储在分析软件中的信息与您提供的任何个人身份信息融合处理。
请您理解,我们向您提供的功能和服务是不断更新和发展的,如果某一功能或服务未在前述政策中告知收集、使用您的信息的处理规则,我们会通过页面提示、交互流程、网站公告等方式另行向您告知信息收集的范围、目的及方式,并可能征求您的同意。
如我们使用您的个人信息,超出了您所授权的目的及具有直接或合理关联的范围,我们将在使用您的个人信息前,再次向您告知并征得您的明示同意。
如果本隐私政策没有特别说明,我们将会在达成本隐私政策所述目的所需的期限内保留您的个人信息,除非法律要求、许可或允许延长保留期。因为基于不同的场景和产品及服务的不同,数据的存储期可能会有所不同,我们用于确定存留期的标准(以其中较长者为准)包括:
1) 完成该业务目的需要留存个人信息的时间,包括提供产品和服务,维护相应的交易及业务记录,管控并提升产品与服务性能与质量,保证系统、产品和服务的安全,应对可能的用户查询或投诉,问题定位等;
2) 用户是否同意更长的留存期间;
3) 法律、合同等是否有保留数据的特殊要求等。
当产品/服务/网站发生停止运营的情形时,我们将以推送通知、公告等形式通知您,并在合理的期限内删除或匿名化处理您的个人信息。
3.1. Cookie和同类技术
我们的网站使用Cookies和其他类似技术来区分您与我们网站的其他用户。这有助于我们在您浏览网站时,为您提供良好的体验,并允许我们改进我们的网站。
Cookie是一份小的字母和数字文件,当您同意的时候,我们将其存储在您的计算机或移动设备的内存或硬盘中,然后可以将其作为识别计算机或移动设备的标签。
Cookie通常被分类为“会话”Cookie或“持久”Cookie。 会话Cookie可以帮助您有效地浏览网站,跟踪您的页面到页面的进度,以便不要求您在当前访问期间重复提供信息,比如您在切换页面时不会清空您的购物车。会话Cookie存储在临时内存中,并在Web浏览器关闭时被删除。 持久性Cookie可以存储用户偏好,它们存储在您的设备上,重新启动浏览器时仍然有效。例如,我们使用持久性Cookie来记录您选择的语言和国家/地区、字体大小或其他设置。这可以使您在下次访问我们的网站时,不用重新配置。
您可以清除计算机上保存的所有 Cookie,或者直接删除存储在您的设备上的Cookie,但如果您这么做,则需要在每一次访问我们的网站时更改设置。大部分浏览器都有阻止Cookie的功能,如果您希望通过浏览器对Cookie进行管理,可以参考浏览器开发商的介绍或从互联网上进行查询。关于Cookie的更多信息,您也可以查看 AboutCookies.org 网站。
除 Cookie 外,我们还会在网站上使用网站信标和像素标签等其他同类技术。例如,我们向您邮箱发送的账号激活链接。可以通过上述技术跟踪此次点击,帮助我们了解您的产品和服务偏好并改善客户服务。网站信标通常是一种嵌入到网站或电子邮件中的透明图像。借助于电子邮件中的像素标签,我们能够获知电子邮件是否被打开。如果您不希望自己的活动以这种方式被追踪,则随时设置您的邮箱拒绝接收,或登录我们相关服务网站退订该邮件服务。
如果您的浏览器设置了 Do Not Track 功能,我们的服务网站会尊重您的选择。
我们不会将Cookie用于如前所述之外的目的。
4.1. 我们不会与中兴通讯及子公司以外的任何公司、组织和个人分享您的个人信息,但以下情况除外:
1) 在获取明确同意的情况下共享:获得您单独同意后,我们会与其他方共享您的个人信息。
2) 我们可能会根据法律法规规定,或按政府主管部门的强制性要求,对外共享您的个人信息。
3) 与我们的附属公司共享:您的个人信息可能会与我们的附属公司共享。我们只会共享必要的个人信息,且受本隐私政策中所声明目的的约束。附属公司如要改变个人信息的处理目的,将再次征求您的授权同意。
4) 与授权合作伙伴共享:仅为实现本隐私政策中声明的目的,我们的某些服务将由授权合作伙伴提供。我们可能会与合作伙伴共享您的某些个人信息,以提供更好的客户服务和用户体验。
4.2. 我们不会将您的个人信息转让给任何公司、组织和个人,但以下情况除外:
1) 在获取您单独同意的情况下转让:获得您的单独同意后,我们会向其他方转让您的个人信息;
2) 在涉及合并、分立、解散或被宣告破产时,如涉及到个人信息转让,我们会及时向您告知接收方的名称或者姓名和联系方式,同时要求新的持有您个人信息的公司、组织或个人继续受本隐私政策的约束。否则我们将要求该接收方重新向您征求授权同意。
4.3. 我们仅会在以下情况下,公开披露您的个人信息:
1) 获得您单独同意后;
2) 基于法律的披露:在法律、法律程序、诉讼或政府主管部门强制性要求的情况下,我们可能会公开披露您的个人信息。
关于我们所处理的您的个人信息,您拥有多种法律权利。这些权利可能在不同的国家有所区别,但主要包含以下几项:
如果您想查阅您的个人信息,可以通过以下方式自行查阅:https://supply.zte.com.cn/nsscm,外包商认证,外包商人力资源管理,维护人力资源。
5.2. 更正、补充您的个人信息
当您发现我们处理的关于您的个人信息有错误时,您有权进行更正或补充。您可以通过“5.1 查阅您的个人信息”中罗列的方式进行更正、补充。
5.3. 删除您的个人信息
在以下情形中,您可以删除您的个人信息:
1) 如果我们处理个人信息的行为违反法律法规;
2) 如果我们处理个人信息的行为违反了本隐私政策的规定;
3) 如果本隐私政策规定的个人信息处理目的已实现、无法实现或者相关个人信息对于实现处理目的不再必要;
4) 如果您不再使用我们的产品或服务,或您注销了账号;
5) 如果您改变了授权同意的范围导致我们不再有权处理您的信息;
6) 如果我们不再为您提供产品或服务,或保存期限已届满。
当您想要删除您的个人信息时,您可以随时发送电子邮件至Privacy@zte.com.cn, 我们将在15个工作日内回复您的更正请求。
一旦您成功删除了您的个人信息,我们还将尽可能地通知从我们处获得您个人信息的实体,要求其及时删除,除非法律法规另有规定,或这些实体获得您的独立授权。当您自行删除或我们协助您删除信息后,由于适用法律法规或安全技术的限制,我们可能不会立即在备份系统中删除相应的信息;我们将安全地存储您的个人信息,限制对其的进一步处理,并在备份更新时删除这些信息。
5.4. 改变您授权同意的范围
请您理解,每个业务功能需要一些基本的个人信息才能得以完成,当您撤回同意或授权后,我们无法继续为您提供撤回同意或授权所对应的服务;如果该信息为我们履行法律法规规定的义务所必须或者我们提供主要服务所必须,我们可能没有办法响应您的请求或者将会影响您正常使用我们的服务。当您撤回同意后,我们将不再处理相应的个人信息;但您收回同意的决定,不会影响此前基于您的授权同意而开展的个人信息处理。
当您需要改变您授权同意的范围,您可以随时发送电子邮件至Privacy@zte.com.cn, 我们将在15个工作日内回复您的请求。
5.5. 注销您的账户
您随时可通过发送邮件到Privacy@zte.com.cn要求注销此前注册的账户。
在注销账户之后,我们将停止为您提供产品或服务,并按照本隐私政策删除或匿名化您的个人信息。
5.6. 复制、转移您的个人信息
目前我们无法支持用户自主复制、转移个人信息。如需进一步帮助,您可以发送电子邮件至Privacy@zte.com.cn。我们将在15个工作日内回复您的请求。
5.7. 响应您的上述请求
如果您的请求无法通过上述方式实现,您可通过本隐私政策第10条中规定的方式和地址以邮寄信件或电子邮件的形式向我们发送书面申请,我们将以信件、电子邮件或任何其他适当的方法回复您的申请。为了保障安全,我们可能需要您提供书面请求或提供您的身份证明信息及文件,我们将在验证您的身份且明确您的请求后的15个工作日内答复您的请求。我们可能无法满足在适用法律下您不享有的权利(例如查看涉及他人信息的数据)。
当您要求我们更正或停止处理我们所存储的关于您的个人信息时,在我们确认信息有误、或应当对其停止处理后,我们将立即删除或更正相应信息。若我们确认的结果与之相反,我们将及时向您告知,并在相关文档中记录您认为信息有误这一事实。
原则上,我们在中华人民共和国境内收集和产生的个人信息,将存储在中华人民共和国境内。
若我们将您的个人信息跨境转移至其它国家或地区时,我们将采取一系列合理措施确保您的个人信息得到本隐私政策所规定的同等保护。在法律法规有特殊要求的情况下,我们还会就对您个人信息的跨境转移行为单独征得您的同意,并且对其进行安全评估以充分防控风险,保障您的个人信息安全。
我们非常重视对未成年人个人信息的保护。若您是18周岁或根据相关法律法规规定的其他年龄以下的未成年人,在使用SRM网站前,您应在您的家长或其他法定监护人的指导下阅读和决定是否同意本隐私政策。
尽管当地法律和习俗对儿童的定义不同,但我们将不满14周岁的任何人均视为儿童。对于未年满14周岁的儿童,未经儿童的父母或监护人的同意,我们不会收集儿童的个人信息。对于经父母或监护人同意而收集的儿童个人信息,我们只会在符合当地法律要求,父母或监护人明确同意的情况下,收集和使用相关数据。如果我们在未事先获得可证实的父母或监护人同意的情况下收集了儿童的个人信息,则会设法尽快删除相关数据。
若您是未成年人的监护人,当您对您所监护的未成年人的个人信息有相关疑问时,请通过第10条中的联系方式与我们联系。
8.1. 我们通过加强物理、管理和技术方面的安全保障措施,比如门禁系统、监控系统、加密、匿名化或假名化等措施,努力保护您的个人信息不被未经授权地访问、使用、披露、修改、损坏或丢失及其它的形式的非法处理。我们的信息安全政策和程序严格按照国际标准来进行设计,并会定期进行审核和更新,并通过第三方来检验我们的安全措施,以满足我们的业务需求、技术变更和监管要求。
8.2. 中兴通讯的中国总部及部分子公司已经通过了ISO/IEC 27001:2013信息安全管理体系认证,以保证您的个人信息的安全性。中兴通讯终端产品、5G产品、核心网产品、数字技术产品以及人力资源体系已经成功获得ISO/IEC 27701:2019隐私信息管理体系认证。其中,中兴通讯5G产品是全球首个获得ISO 27701认证的5G产品,我们可以为全球客户提供更加安全、可靠、合规的5G产品及方案,交付更高标准的5G网络。
8.3. 如发生涉及您的个人信息安全事件,我们将积极采取补救措施并履行我们的告知义务,具体可能包括向您告知以下信息:安全事件的基本情况和可能造成的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议等。我们将努力做到及时以电话、电子邮件或推送通知等方式告知您。
8.4. 我们会尽力保护您的个人信息。我们也请您理解,任何安全措施都无法做到无懈可击。我们制定了应急制度,如果您知道或有理由相信您的个人信息已丢失、被盗用、被挪用或遭到其他方式入侵,或者出现任何实际或怀疑盗用您的个人信息的情况,您可按照本隐私政策第10条联系我们。
随着可适用法律法规的变化以及我们的产品/服务不断的改进,我们可能会不定时更新本隐私政策。如本隐私政策发生修订,我们将及时通过在产品/服务中进行公示的方式向您提供本隐私政策的最新版本。对于重大变更,我们还会提供更为显著的通知(向您提供弹窗提示或通过您预留的电子邮箱向您发送更新通知)。
本隐私政策所指的重大变更包括但不限于:
1) 我们的服务模式发生重大变化,如处理个人信息的目的、信息类型、使用方式等发生重大变化;
2) 我们在所有权结构、组织架构等方面发生重大变化,如业务调整、破产并购等引起的所有者变更等;
3) 个人信息共享、转让或公开披露的主要对象发生变化;
4) 您所享有个人信息方面的权利及其行使方式发生重大变化;
5) 我们负责处理个人信息事项的责任部门、联络方式及投诉渠道发生变化;
6) 个人信息保护影响评估报告表明存在高风险时。
如果您对本隐私政策有任何意见、建议或疑问,或者有关于您的个人信息请求与咨询,您可通过发送邮件至Privacy@zte.com.cn或通过以下方式和我们联系:中兴通讯股份有限公司数据保护合规部,地址:深圳市南山区科技南路55号,邮编:518057。如您在欧洲经济区,您也通过以下方式联系我们在欧洲经济区的DPO Marco Costantini:电子邮箱marco.costantini@zte.com.cn,电话:+39 3701296535。
一般情况下,我们将在15个工作日内回复您的权利请求及咨询;如果当地有特殊规定,则遵循该规定。如果您对我们的回复不满意,或者当您认为我们的个人信息处理行为可能损害了您的合法权益,您还可以通过向有关部门投诉等外部渠道寻求解决方案。
“SRM网站”是指Supplier Relationship Management.
“个人信息”是指以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息,不包括匿名化处理后的信息。
“敏感个人信息”是指一旦泄露或者非法使用,容易导致自然人的人格尊严受到侵害或者人身、财产安全受到危害的个人信息,包括生物识别、宗教信仰、特定身份、医疗健康、金融账户、行踪轨迹等信息,以及儿童的个人信息。
“匿名化”是指通过对个人信息的技术处理,使得个人信息主体无法被识别,且处理后的信息不能被复原的过程。
“假名化”是指对个人信息进行处理,使之在不使用附加信息的情况下不能再溯源至特定个人信息主体,前提是对此类附加信息单独保存并采取技术和组织措施以确保个人信息不可溯源至已识别或可识别的自然人;
“儿童”是指不满十四周岁的未成年人或所在国法规因其年龄将其个人信息规定为敏感或特殊个人信息的未成年人。
Privacy Policy
ZTE Corporation and its subsidiaries (collectively, "ZTE", "us", "we", or "our") understand the importance of personal data to you and try our best to protect the security and accountability of your personal data. We ensure that we apply appropriate security measures to protect your personal data in accordance with high-level industry security standards.
This Privacy Policy applies to ZTE SRM website. Except for the collection and use of relevant data as described in this Privacy Policy, this Privacy Policy does not apply to the other services provided to you by our third-party service providers and other third parties. If you have any questions, comments or suggestions, you may contact us at the following email address: Privacy@zte.com.cn
This Privacy Policy provides you with a full understanding of how the SRM website may collect, use, store, share and transfer your personal data, as well as your rights and how to exercise them. The key points are as follows:
We will describe each type of personal data we collect from you and our use of them, so that you can understand, under a certain function, the types of personal data we collect, the purpose for use, and the manner in which they are collected.
Upon your consent, we may collect your sensitive personal data when you use certain functions. Unless such collection is required by relevant laws and regulations, your refusal to provide such data will not affect the normal use of the other functions of the SRM website than the specific relevant functions.
Unless otherwise stated in this Privacy Policy, we will not willfully share or transfer your personal data with any third party other than ZTE. In the case of any other sharing or transfer of your personal data, we will obtain your explicit consent of the relevant processes directly, unless otherwise prescribed by laws and regulations or when necessary for the protection of users' rights and interests. In addition, we will conduct risk assessment of the data external sharing / transfer activities.
We will not willfully obtain your personal data from any third party other than ZTE. If our business development requires your personal data from third parties, we will verify the legality of the source, or explicitly inform you of the source, type, use scope of your personal data prior to the obtainment. If the processing of your personal data required to carry out our business for SRM website exceeds the scope of consent which you made when providing personal data to the third party, we will obtain your explicit consent prior to such processing of your personal data. In addition, we will strictly comply with relevant laws and regulations and require the third party to ensure the legality of the data it provides.
You may access, rectify, copy, and delete your personal data by the ways and means set forth in this Privacy Policy. You may also withdraw consent, cancel accounts, lodge complaints and reports, and use privacy functions such as personalized settings.
For more detailed information, please read the corresponding sections according to the index below:
1. How We Collect and Use Your Personal Data
2. How Long We Retain Your Personal Data
3. How We Use SDKs, Cookies and Similar Technologies
4. How We Share, Transfer and Disclose Your Personal data
6. Cross-Border Transfer of Your Personal Data
7. How We Protect Minors' Personal Data
8. How We Keep Your Personal Data Safe
Appendix: Relevant Definitions
1. How We Collect and Use Your Personal Data
We may collect your personal data when you use our products and services. Depending on the product or service you use, the specific types of data we collect will vary, including the following two types:
1) In order to provide you with the basic functions of our SRM website, you will need to authorize us to collect and use the data that is necessary for those functions. If you refuse to provide such data, you will not be able to normally use our products and/or services;
2) In order to provide you with the additional functions of our SRM website, you may choose to consent to or refuse our collection and use of data. If you refuse to provide such data, you will not be able to normally use the relevant additional functions or achieve the functional results we intend. However, your use of the basic functions will not be affected.
In particular, we remind you that we are committed to creating a wide variety of products and services to meet your needs. As we provide you with a wide variety of products and services, and different users use different sets of products/services, the basic/additional functions and the corresponding types and scopes of personal data to be collected and used may vary. Please refer to the specific functions of the products/services.
1.1 Our products and/or services collect personal data as follows:
1.1.1 Basic services
On the condition of your consent to use our products/services, we provide services to you based on your registered account. To create your account and meet the business cooperation requirements, you need to provide us with at least your name, gender, nationality, ID type, ID number, birth year, telephone number, personal mailbox, scanned copy of your ID card, city and postcode. If you refuse to provide the above data, you will not be able to register your account and conduct business cooperation. In order to confirm your identity, we may verify your identity based on the above data you provide.
1) Account Registration and Business Cooperation
When you create an account on the SRM website, we need to collect your personal mailbox, name, ID type, ID number, nationality, and a scanned copy of your ID card. Your personal mailbox is the account you use to log in to the system. The name, ID number, and nationality will be used for PO issuance and settlement during business cooperation. To verify the accuracy of your identity, we need you to provide a scanned copy of your ID card. Once the identity verification is complete, the scanned copy of your ID card will be deleted.
2) Task Arrangement
When personnel leasing is involved in the business cooperation with ZTE, we will use your name, telephone number, and personal mailbox for communication. To help ensure your health and safety, we will use your gender and year of birth to schedule the right job position and assignment.
3) Individual Party Screening
ZTE and its subsidiaries comply with applicable international export control laws, including the Export Administration Regulations (EAR). To conduct restricted party screening in accordance with the relevant international export control laws, we need to collect your name and nationality. If you are located in Russia or Ukraine, we also need your postcode and address.
In addition, you may also fill in data such as business department, position, and communication address according to your needs. If you refuse to fill in the above data, the normal use of your account will not be affected.
Your personal data will be deleted or anonymized once you have made it clear by email that you no longer collaborate with ZTE and that the data need to be deleted.
1.2 Our indirect collection of your personal data from third parties (only your employer)
We may collect (e.g., share) your personal data from third parties only if we have determined that the third party has obtained your consent to share such personal data with us, or if the third party is lawfully permitted or required to disclose your personal data to us.
We will inspect the scope of the consent regarding personal data obtained by the third party, including the purpose of use, and whether and to what extent you have agreed to the transfer, sharing, disclosure, deletion, etc.
Personal data obtained from third parties will be used for the purpose of providing services to you and for ensuring the accuracy of any records we may hold relating to you. If we process your personal data beyond the scope of your consent given to the third party, we will obtain your consent directly from you or through the third-party data provider prior to our processing.
1.3 Exceptions to obtaining consent
Pursuant to applicable laws and regulations, we may process your personal data without your prior consent in the following circumstances:
1) Necessary for us to fulfill legal obligations or responsibilities;
2) Necessary for the conclusion and performance of a contract to which you are a party;
3) To deal with public health emergencies, or, in case of emergency, to protect natural persons' life, health, and property safety;
4) Processing, within a reasonable range in accordance with law, either the personal data which you have publicly disclosed or other personal data that have already been legally and publicly disclosed; or
5) Other circumstances prescribed by the applicable laws and regulations.
In an emergency situation, in order to protect your life, health and property or that of other individuals, we may process your personal data while being unable to notify you in a timely manner. We will notify you of the situation as soon as the emergency situation is over.
In some cases, to ensure the security of our services, or to help us better understand the performance of our products or services, we may use other data you provide to us or disclose to us in the course of your interaction with us, such as how often you use the applications, crash data, total usage, performance data and the source of the applications. We will not combine the data we store in analytical software with any identifiable personal data you provide.
Please understand that the functions and services we provide to you are constantly updated and developed. If the collection or use of your personal data for certain functions or services are not informed in this Privacy Policy, we will separately inform you of the scope, purpose and collection method of your personal data through page prompts, interaction processes, website announcements and other methods and may obtain your consent.
If we use your personal data for purposes beyond the scope of your authorization or beyond the scope of directly or reasonably related to our provision of services, we will notify you again and obtain your explicit consent prior to using your personal data.
2. How Long We Retain Your Personal Data
If not specifically stated in this Privacy Policy, we will retain your personal data for the period necessary to achieve the purposes stated in this Privacy Policy, unless an extended retention period is required, authorized or permitted by law. In different scenarios and different products and services, the storage period of data may be different. The standards we use to determine the storage period (whichever the longer) include:
1) The period of time that personal data needs to be retained for the purpose of the business, including providing products and services, maintaining corresponding transaction and business records, controlling and improving the performance and quality of products and services, ensuring the security of systems, products and services, responding to possible user inquiries or complaints, and identifying problems;
2) Whether the user agrees to a longer retention period;
3) Whether there are special requirements for data retention in laws or contracts, etc.
When operation of the product/service/website ceases, we will notify you by pushing notice, public announcement or other methods, and delete or anonymize your personal data within a reasonable period of time.
3. How We Use SDKs, Cookies, and Similar Technologies
3.1 Cookies and similar technologies
Our websites use cookies and other similar technologies to distinguish you from other users. Therefore, when you browse our websites, we will provide you with better user experience, and keep improving our websites.
A cookie is a small file of letters and digits. If you agree, we will store the cookies in the memory or hard drive of your computer or mobile device, and then use such cookies as labels for identifying your computer or mobile device.
Cookies are often classified as "session cookies" or "persistent cookies". Session cookies help you effectively browse our websites and track your page-to-page progress, so that you do not need to repeat the information you provide for the current visit. For instance, when you switch the web pages, your shopping cart will not be cleared. Session cookies are stored in the temporary memory and are deleted when the browser is closed. Persistent cookies can store the user preferences, which are stored on your device and are still valid when you restart your browser. For instance, we use the persistent cookies to record your selected language, country/region, font size, or the settings. With the help of cookies, you do not need to reconfigure the settings when you access our websites next time.
You may clear all cookies stored on your computer, or directly delete all cookies stored on your device. However, if you do so, you need to change the settings every time you access our websites. Most browsers have the ability to block the cookies. If you wish to manage the cookies through the browsers, you may consult the instructions of browser developers, or search the internet. For more information about cookies, please check the website AboutCookies.org.
In addition to cookies, we will use web beacons, pixel tags, and other similar technologies on our websites. For instance, we will send an account activation link to your mailbox. By using the aforesaid technologies to track your clicks on our websites, we can know your preferences for our products and services, and improve the service for our customers. Usually, web beacons are transparent images that are embedded in the websites or emails. With the help of pixel tags in emails, we can know whether the emails are opened or not. If you wish that your behaviors would not be tracked by this means, you can, at any time, change the setting of your mailbox to reject the tracking, or log in to our related service websites to unsubscribe our mail service.
If you set the "Do Not Track" function in your browser, our service websites will respect your choice.
In that case, we will not use cookies for the aforesaid purposes.
4. How We Share, Transfer and Disclose Your Personal Data
4.1 We will not share your personal data with any company, organization or individual other than ZTE and its subsidiaries, except in the following circumstances:
1) Sharing with your explicit consent: We may share your personal data with other parties upon your separate consent.
2) We may share your personal data in accordance with the mandatory requirements by either laws and regulations or government authorities.
3) Sharing with our affiliates: Your personal data may be shared with our affiliates. We will only share personal data that is necessary for our purposes and subject to the purposes stated in this Privacy Policy. If the affiliates wish to change the purposes for which their personal data is handled, they will again ask for your consent.
4) Sharing with authorized business partners: Some of our services will be provided by authorized business partners solely for the purposes stated in this Privacy Policy. We may share certain personal data with our partners to provide better customer service and user experience.
4.2 We will not transfer your personal data to any company, organization or individual, except in the following circumstances:
1) Assignment with your separate consent: We may transfer your personal data to other parties with your separate consent;
2) If a merger, division, dissolution or bankruptcy involves transfer of your personal data, we will promptly notify you of the name and contact details of the recipient of your personal data, and request that the recipient (company, organization or individual) of your personal data continues to be bound by this Privacy Policy. Otherwise, we will require the recipient to seek consent from you again.
4.3 We will disclose your personal data only in the following circumstances:
1) With your separate consent; or
2) Disclosure required by law: We may disclose your personal data in accordance with the mandatory requirements by laws, legal proceedings, litigations or government authorities.
You have various legal rights regarding the personal data we process. These rights may differ in different countries or regions, but mainly include the following:
If you want to access your personal data, you may do so as via the following modules: subcontractor certification, subcontractor human resource management, and human resources maintenance on https://supply.zte.com.cn/nsscm.
5.2 Correct or supplement your personal data
If you find there is an error in your personal data that we process, you have the right to make corrections or supplements. You may make corrections or supplements in the ways listed under "5.1 Access your personal data".
You may delete your personal data in the following circumstances:
1) If we process your personal data in a way that violates a law or regulation;
2) If we process your personal data in a way that violates a provision of this Privacy Policy;
3) If the purpose of processing your personal data as defined by this Privacy Policy has been fulfilled, cannot be fulfilled or the personal data is no longer necessary to fulfill that purpose;
4) If you no longer use our products or services or if you have canceled your account;
5) If you change the scope of the consent so that we no longer have the right to process your personal data;
6) If we no longer provide you with products or services or if the retention period has expired.
If you want to delete your personal information, you can send an email to Privacy@zte.com.cn at any time, and we will respond to your request for correction within fifteen workdays.
Once you have successfully deleted your personal data, we will also, to the extent practicable, notify the parties from who obtained your personal data from us and require them to promptly delete them, unless otherwise required by laws or regulations or when the parties received your separate authorization. Due to the limitations given by applicable laws, regulations or security technologies, after you delete data on your own or with our assistance, we may not immediately delete the corresponding data from the backup system; we will securely store your personal data and restrict further processing and delete such data when updating the backup system.
5.4 Change the scope of your consent
Please understand that each of our business functions requires certain basic personal data. If you withdraw your consent or authorization, we may not be able to continue to provide you with the corresponding services. If the data is necessary for us to perform our obligations under laws or regulations or to provide basic services, we may not be able to respond to your requests or your use of our services may be affected. If you withdraw your consent, we will no longer process your relevant personal data. Your decision to withdraw your consent will not affect any previous processing of personal data that was based on your consent.
If you need to change the scope of your authorization, you can send an email to Privacy@zte.com.cn at any time, and we will respond to your request within fifteen workdays.
You can request to sign out of a previously registered account at any time by sending an email to Privacy@zte.com.cn.
After your account is closed, we will cease to provide you with products or services and delete or anonymize your personal data in accordance to this Privacy Policy.
5.6 Copy, transfer your personal data
At present, users cannot copy or transfer personal information independently. For further assistance, you can send an email to Privacy@zte.com.cn, and we will respond to your request within 15 workdays.
5.7 Responding to your above requests
If your request cannot be fulfilled as above, you may send us a written request by mailing a letter to our address or by email provided in Section 10 of this Privacy Policy. We will respond to your request by letter, email or any other appropriate means. For security reasons, we may require you to make a written request or provide information or documents for identification verification. We will respond to your request within 15 business days after we have verified your identity and clarified your request. We may not be able to fulfil the rights which you do not have under applicable laws, e.g. accessing other individuals' personal data.
When you ask us to make corrections or cease the processing of your personal data, we will delete or correct the data promptly after we confirm that the data is incorrect or that we should cease the processing. If we confirm otherwise, we will notify you promptly and keep your complaint on record.
6. Data Cross-Border Transfer of Your Personal Data
In principle, the personal data that we collect in the People's Republic of China is stored in the People's Republic of China.
If we transfer your personal data to another country or territory, we will take reasonable steps to ensure that your personal data receives the equivalent level of protection as set out in this Privacy Policy. Where required by laws or regulations, we may obtain your separate consent for cross-border transfers of your personal data and conduct security assessments to adequately control the risks and protect the security of your personal data.
7. How We Protect Minors' Personal Data
We attach great importance to the protection of minors' personal data. If you are a minor under the age of 18 or other age pursuant to relevant laws and regulations, you should read and decide whether to agree to this Privacy Policy under the direction of your parent or other legal guardian prior to using SRM website.
Although local laws and customs define a "child" differently, we consider any person under the age of 14 to be a "child". For children under the age of 14, we do not collect personal data without the consent of the child's parent or guardian. For children whose personal data we have collected with the parent or guardian's consent, we will only collect and use such data where the parent or guardian has given their explicit consent, as required by local law. If we collect personal data from a child without verifiable prior consent from a parent or guardian, we will seek to delete the data as soon as possible.
If you are the guardian of a minor, you may contact us via the contact details set out in Section 10 if you have queries about the personal data of the minor under your guardianship.
8. How We Keep Your Personal Data Safe
8.1 We take appropriate physical, organizational and technical measures, such as access control system, monitoring system, encryption, anonymization and pseudonymization, to protect your personal data against unauthorized access, use, disclosure, modification, damage, loss or other forms of illegal processing. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly. In addition, we invite third parties to inspect our security measures to ensure that our security measures meet the requirements for our business, technical changes, and supervision.
8.2 ZTE headquarters in China and some of the subsidiaries have passed the ISO/IEC 27001:2013 Information Security Management System certification and can effectively protect your personal data. ZTE's terminal products, 5G products, core network products, digital technology products and human resource system have been successfully certified with ISO/IEC 27701:2019 Privacy Information Management System. ZTE 5G is the world's first 5G product certified by ISO 27701 and it indicates that ZTE is capable of providing global customers with secure and reliable 5G products and solutions, and delivering high-quality 5G networks.
8.3 In the event of a security incident involving your personal data, we will actively take remedial measures and fulfill our notification obligation, which may include notifying you of the basic information and possible impact of the security incident, the measures we have taken or will take to deal with the incident, and the suggestions on prevention and mitigation of risks you may take on your own initiatives. We will endeavor to notify you in a timely manner by phone, email or push notice.
8.4 We endeavor to protect your personal data. We also ask you to understand that no security measure can be perfect. We have emergency procedures in place. If you know or have reason to believe that your personal data has been lost, stolen, misappropriated or otherwise breached, or if there is any actual or suspected theft of your personal data, you may contact us in accordance with Section 10 of this Privacy Policy.
We may update this Privacy Policy from time to time as applicable laws and regulations change and our products/services continue to improve. If there is any revision to this Privacy Policy, we will promptly provide you with the latest version of this Privacy Policy by publishing it in our products/services. In the event of major changes, we will also use more prominent notice methods (such as a pop-up notification or send an update notification to your reserved email address).
Major changes referred to in this Privacy Policy include but are not limited to:
1) Significant changes in our service model, such as changes in the purpose of processing personal data, the type of processed personal data, and the mode of using personal data;
2) Major changes in the ownership structure and organizational structure, such as changes in owners caused by business adjustment, bankruptcy, or mergers and acquisitions;
3) Changes in the major parties whom personal data are shared with, transferred or disclosed to;
4) Significant changes in your rights regarding personal data and the ways you exercise the rights;
5) Changes in our department responsible for personal data issues, our contacts, or the channels to lodge a complaint;
6) A high risk is indicated in the personal data protection impact assessment report.
If you have any comments, suggestions or questions in relation to this Privacy Policy, or have any requests or inquiries about your personal data, you may contact us at Privacy@zte.com.cn or at the following mailing information: Data Protection Compliance Department of ZTE Corporation, address: No. 55, Keji Road South, Nanshan District, Shenzhen, P.R.China. If you are in the EEA, you may also contact our DPO in the EEA: Marco Costantini, email: marco.costantini@zte.com.cn, tel.: + 39 3701296535.
In general, we will reply to your request to exercise rights and your inquiries within 15 business days. If there are special local regulations regarding response time, such regulations shall be followed. If you are not satisfied with our reply or when you believe that our processing of personal data may violate your legal rights, you may also seek resolution by filing a complaint to the relevant authority or other external channels.
Appendix: Relevant Definitions
"SRM website" refers to the Supplier Relationship Management website.
"Personal data" refers to all kinds of data related to identified or identifiable natural persons recorded by electronic or other means, excluding anonymized data.
"Sensitive personal data" refers to the personal data that is likely to result in damage to the personal dignity of a natural person or damage to his or her personal or property safety once disclosed or illegally used, including data such as biometric identification, religious belief, specific identity, medical health, financial account and whereabouts and tracks, as well as children's personal data.
"Anonymization" refers to the process in which personal data is processed so that it is impossible to identify certain natural persons and that it cannot be recovered.
"pseudonymization" refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
"Children" refer to minors under the age of 14 or the minors whose personal data are categorized as sensitive or special personal data due to their age as stipulated by the law of their residence country.